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IN THE CLAIMS : 

1. (Currently Amended) A method for establishing identity in a file system, comprising: 

receiving, from a client, a first Network File System (NFS) operation concerning 
an indicated file, the first NFS operation received by a proxy; 

forwarding the first NFS operation from the proxy to be received by a file server; 

returning a NFS file handle associated with the first NFS operation from the file 
server to the proxy in response to the file server receiving the first NFS operation from 
the proxy; 

inserting, by the proxy, metadata into the NFS file handle in response to receiving 
the NFS file handle from the file server, wherein the metadata is an encryption key; 

sending, by the proxy in response to receiving the NFS file handle from the file 
server, the NFS file handle with the metadata inserted in the NFS file handle to the client 
as a reply to the first NFS operation; and 

using, by the client, the metadata and the NFS file handle in a second NFS 
operation to identify the client and the indicated fil e; and 

receiving, from the client, the second NFS operation by the proxy, the second 
NFS operation comprising the metadata sent with the second NFS operation; 

identifying, in response to the metadata, the client as having a permission to 
submit the second NFS operation; 

sending the second NFS operation to the file server and not sending the metadata 
to the file server; and 

receiving, by the proxy, a further NFS reply from the file server, and sending, by 
the proxy, the further NFS reply to the client . 

2. (Previously Presented) The method of Claim 1, whereby using the metadata in the 
NFS file handle eliminates a need for the proxy to generate additional requests to the file 
server to establish file identity, and for completing client requests. 
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3. (Previously Presented) The method of Claim 1, further comprising: 

encoding metadata in a form of a session key into the file handle, the session key 
expiring after a predetermined amount of time. 

4. (Previously Presented) The method of Claim 1, further comprising: 

using an NFS file system as the file system. 

5. (Previously Presented) The method of Claim 1, further comprising: 

using a stateless protocol by the file system. 

6-29. (Cancelled). 

30. (Previously Presented) The method of claim 1, wherein the NFS file handle is of a 




receiving, from the client, a second NFS operation by the proxy, the second NFS 
operation comprising the metadata in a further NFS file handle sent with the second NFS 
operation; 

identifying, in response to the metadata, the client as having a permission to 
submit the second NFS operation; 

sending the second NFS operation to the file server and not sending the metadata 
with the second NFS file handle to the file server; and 

receiving by the proxy a further NFS reply from the file server, and sending by 
the proxy the further NFS reply to the client . 

31. (Previously Presented) A method for establishing identity in a file system, 
comprising: 

receiving a first file request concerning an indicated file from a client, the first file 
request received by a proxy; 

forwarding the first file request from the proxy to a file server; 
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6 returning a reply associated with the first file request from the file server to the 

7 proxy, wherein the reply includes a file handle associated with the indicated file; 

8 inserting, by the proxy, metadata into the file handle; 

9 sending, by the proxy, the file handle with the metadata inserted in the file handle 

10 to the client, the metadata to be used in further requests to identify the client as having a 
n permission to access the indicated file; 

12 receiving, from the client, a second file request by the proxy, the second file 

13 request including the metadata in a second file handle sent with the second file request; 

14 identifying, in response to the metadata, that the client has the permission to 

15 submit the second file request; 

16 sending the second file request to the file server and not sending the metadata 
n with the second file handle to the file server; and 

is receiving by the proxy a second reply from the file server, and sending by the 

19 proxy the second reply to the client. 

1 32. (Previously Presented) An apparatus to establish identity in a file system, 

2 comprising: 

3 a proxy configured to receive a first Network File System (NFS) operation 

4 concerning an indicated file sent by a client to the file system, the proxy further 

5 configured to forward the first NFS operation to be received by a file server; 

6 the file server configured to return a NFS file handle associated with the first NFS 

7 operation to the proxy in response to the file server receiving the first NFS operation 

8 from the proxy; 

9 the proxy further configured to insert metadata into the NFS file handle in 

10 response to receiving the NFS file handle from the file server, wherein the metadata is an 
n encryption key; and 

12 the proxy further configured to send the NFS file handle with the metadata 

13 inserted in the NFS file handle to the client as a reply to the first NFS operation, the 

14 metadata and the NFS file handle to be used in a second NFS operation to identify the 

15 client and the indicated file. 
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1 33. (Previously Presented) The apparatus as in claim 32, further comprising: 

2 the proxy further configured to receive, by the client, a second NFS operation, the 

3 second NFS operation comprising the metadata in the second NFS file handle sent with 

4 the second NFS operation; 

5 the proxy to identify, in response to the metadata, the client as having a 

6 permission to submit the second NFS operation; 

7 the proxy to send the second NFS operation to the file server and not to send the 

8 metadata with the second NFS file handle to the file server; and 

9 the proxy to receive a second NFS reply from the file server, and the proxy to 

10 send the second NFS reply to the client. 

1 34. (Previously Presented) The apparatus of Claim 32, further comprising: 

2 the proxy to use the metadata in the NFS file handle received from the client to 

3 eliminate a need for additional communication with the file server to establish file 

4 identity. 

1 35. (Previously Presented) The apparatus of Claim 32, further comprising: 

2 the proxy to encode the metadata in a form of a session key into the NFS file 

3 handle, the session key expiring after a predetermined amount of time. 

1 36. (Previously Presented) The apparatus of Claim 32, further comprising: 

2 an NFS file system used as the file system. 

1 37. (Previously Presented) The apparatus of Claim 32, further comprising: 

2 a stateless protocol used by the file system. 

1 38. (Previously Presented) A non-volatile memory executed on a computer, comprising: 

2 the non-volatile memory containing procedures for execution on the computer for 

3 a method of establishing identity in a file system, the method having the steps of, 
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4 receiving, from a client, a first Network File System (NFS) operation concerning 

5 an indicated file, the first NFS operation received by a proxy; 

6 forwarding the first NFS operation from the proxy to be received by a file server; 

7 returning a NFS file handle associated with the first NFS operation from the file 

8 server to the proxy in response to the file server receiving the first NFS operation from 

9 the proxy; 

10 inserting, by the proxy, metadata into the NFS file handle in response to receiving 
n the NFS file handle from the file server, wherein the metadata is an encryption key; and 

12 sending, by the proxy in response to receiving the NFS file handle from the file 

13 server, the NFS file handle with the metadata inserted in the NFS file handle to the client 

14 as a reply to the first NFS operation; and 

15 using, by the client, the metadata and the NFS file handle in a second NFS 

16 operation to identify the client and the indicated file. 

1 39. (Previously Presented) A method for establishing identity in a file system, 

2 comprising: 

3 receiving a first file request concerning an indicated file from a client, the first file 

4 request received by a proxy; 

5 forwarding the first file request from the proxy to a file server; 

6 granting a permission for the request to be acted upon by the file system in 

7 response to a predetermined protocol; 

8 returning a reply associated with the first file request from the file server to the 

9 proxy, wherein the reply includes a file handle associated with the indicated file; 

10 inserting, by the proxy, a session key into the file handle; and 

n sending, by the proxy, the file handle with the session key inserted in the file 

12 handle to the client, the session key to be used in further requests to identify the client 

13 and the indicated file. 
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1 40. (Previously Presented) The non-volatile memory of Claim 38, further comprising: 

2 receiving, from the client, a second NFS operation by the proxy, the second NFS 

3 operation comprising a session key in a second NFS file handle sent with the second NFS 

4 operation; 

5 identifying, in response to the session key, that the client has the permission to 

6 submit the second NFS operation; 

7 sending the second NFS operation to the file server and not sending the session 

8 key with the second NFS file handle to the file server; and 

9 receiving by the proxy a second NFS reply from the file server, and sending by 

10 the proxy the second NFS reply to the client. 

1 41. (Previously Presented) The non-volatile memory of Claim 40, further comprising: 

2 causing the session key to expire after a selected amount of time. 

1 42. (Previously Presented) The non-volatile memory of Claim 40, further comprising: 

2 causing the session key to expire after a selected amount of usage. 

1 43. (Previously Presented) The non-volatile memory of Claim 38, further comprising: 

2 using a NFS file server as the file server. 

1 44. (Previously Presented) The non-volatile memory of Claim 38, further comprising: 

2 using a two way communication exchange between the proxy and the file server. 

1 45. (Previously Presented) An apparatus to establish identity in a file system, 

2 comprising: 

3 a proxy to receive a file request sent by a client to the file system, the proxy to 

4 forward the request to a file server; 

5 the file server to return a reply associated with the file request to the proxy, 

6 wherein the reply includes a file handle; 

7 the proxy to insert a session key into the file handle; and 
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8 the proxy to send the file handle with the session key inserted in the file handle to 

9 the client, the session key to be used in further requests to identify the client and the 

10 indicated file. 

1 46. (Previously Presented) The apparatus as in claim 45, further comprising: 

2 the proxy to receive, by the client, a second file request, the second file request to 

3 include the session key in a further file handle sent with the second request; 

4 the proxy to identify, in response to the session key, the client as having a 

5 permission to submit the another file request; 

6 the proxy to send the second request to the file server and not to send the session 

7 key with the second file handle to the file server; and 

8 the proxy to receive a further reply from the file server, and the proxy to send the 

9 further reply to the client. 

1 47. (Previously Presented) The apparatus of Claim 45, further comprising: 

2 the proxy to use the metadata in the file handle received from the client to 

3 eliminate a need for additional communication with the file server to establish file 

4 identity. 

1 48. (Previously Presented) The apparatus of Claim 45, further comprising: 

2 the proxy to encode the metadata in a form of a session key into the file handle, 

3 the session key expiring after a predetermined amount of time. 

1 49. (Previously Presented) The apparatus of Claim 45, further comprising: 

2 an NFS file system used as the file system. 

1 50. (Previously Presented) The apparatus of Claim 45, further comprising: 

2 a stateless protocol used by the file system. 
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1 51. (Previously Presented) An apparatus to establish identity in a file system, 

2 comprising: 

3 a proxy configured to receive a first file request sent by a client to the file system, 

4 the proxy further configured to forward the first file request to a file server; 

5 the file server configured to return a reply associated with the first file request to 

6 the proxy; 

7 the proxy further configured to insert a session key into a file handle; 

8 the proxy further configured to send the file handle with the session key inserted 

9 in the file handle to the client, the session key configured to be used in a second file 

10 request to identify the client and the indicated file; 

n the proxy further configured to receive, by the client, a second file request, the 

12 second file request configured to include the session key in a second file handle sent with 

13 the second file request; 

14 the proxy further configured to identify, in response to the session key, the client 

15 as having a permission to submit the second file request; 

16 the proxy further configured to send the second file request to the file server and 

17 not to send the session key with the second file handle to the file server; and 

18 the proxy further configured to receive a second reply from the file server, and the 

19 proxy further configured to send the second reply to the client. 

1 52. (Previously Presented) A method for establishing identity in a file system, 

2 comprising: 

3 receiving a first file request concerning an indicated file from a client, the first file 

4 request received by a proxy; 

5 forwarding the first file request from the proxy to a file server; 

6 determining that the client has a permission to have the request acted upon by the 

7 file system in response to a predetermined protocol; 

8 returning a reply associated with the first file request from the file server to the 

9 proxy, wherein the reply includes a file handle associated with the indicated file; 

10 inserting, by the proxy, a cryptographic information into the file handle; 
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sending, by the proxy, the file handle with the cryptographic information inserted 
in the file handle to the client, the cryptographic information to be used in one or more 
requests to identify the client and the indicated file. 

53. (Previously Presented) The method according to claim 52, further comprising: 

receiving, by the client, a second file request by the proxy, the second file request 
including the cryptographic information in a second file handle sent with the second file 
request; 

identifying, in response to the cryptographic information, that the client has the 
permission to submit the second file request; 

sending the second file request to the file server and not sending the cryptographic 
information with the second file handle to the file server; and 

receiving by the proxy a second reply from the file server, and sending by the 
proxy the second reply to the client. 

54. (Previously Presented) The method according to claim 52, further comprising: 

causing the cryptographic information to expire after a selected amount of time. 

55. (Previously Presented) The method according to claim 52, further comprising: 

causing the cryptographic information to expire after a selected amount of usage. 

56. (Previously Presented) The method according to claim 52, further comprising: 

using a NFS protocol as the predetermined protocol. 

57. (Previously Presented) The method according to claim 52, further comprising: 

using as the predetermined protocol a two way communication exchange between 
the proxy and the file server. 

58. (Previously Presented) An apparatus to establish identity in a file system, 
comprising: 
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a proxy configured to receive a file request for an indicated file sent by a client to 
the file system, the proxy further configured to forward the request to a file server; 

the file server configured to return a reply associated with the file request to the 
proxy, wherein the reply is configured to include a file handle; 

the proxy further configured to insert a cryptographic information into the file 
handle; and 

the proxy further configured to send the file handle with the cryptographic 
information inserted in the file handle to the client, the cryptographic information 
configured to be used in further requests to identify the client and the indicated file. 

59. (Previously Presented) The apparatus as in claim 58, further comprising: 

the proxy further configured to receive, by the client, a second request, the second 
file request to include the cryptographic information in a second file handle sent with the 
second request; 

the proxy further configured to identify, in response to the cryptographic 
information, the client as having a permission to submit the second file request; 

the proxy further configured to send the second request to the file server and not 
to send the cryptographic information with the second file handle to the file server; and 

the proxy further configured to receive a further reply from the file server, and the 
proxy to send the further reply to the client. 

60. (Previously Presented) The apparatus of claim 58, further comprising: 

the proxy further configured to use the metadata in the file handle received from 
the client to eliminate a need for additional communication with the file server to 
establish file identity. 

61. (Previously Presented) The apparatus of claim 58, further comprising: 

the proxy further configured to encode the metadata in a form of a cryptographic 
information into the file handle, the cryptographic information configured to expire after 
a predetermined amount of time. 
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62. (Previously Presented) The apparatus of claim 58, further comprising: 

an NFS file system used as the file system. 

63. (Previously Presented) The apparatus of claim 58, further comprising: 

a stateless protocol used by the file system. 

64. (Previously Presented) An apparatus to establish identity in a file system, 
comprising: 

a proxy configured to receive a first file request sent by a client to the file 
system, the proxy to forward the first file request to a file server; 

the file server configured to return a reply associated with the first file request 
to the proxy; 

the proxy further configured to insert a cryptographic information into a file 

handle; 

the proxy further configured to send the file handle with the cryptographic 
information inserted in the file handle to the client, the cryptographic information 
configured to be used in a second file request to identify the client and the indicated 
file; 

the proxy further configured to receive, by the client, a second file request, the 
second file request configured to include the cryptographic information in a second 
file handle sent with the second file request; 

the proxy further configured to identify, in response to the cryptographic 
information, the client as having a permission to submit the second file request; 

the proxy further configured to send the second file request to the file server 
and not to send the cryptographic information with the second file handle to the file 
server; and 

the proxy further configured to receive a second reply from the file server, and 
the proxy to send the second reply to the client. 
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65. (Previously Presented) A method for establishing identity in a file system, 
comprising: 

receiving a file request concerning an indicated file from a client, the request 
received by a proxy; 

forwarding the request from the proxy to a file server; 

returning a reply associated with the file request from the file server to the 
proxy, wherein the reply includes a file handle associated with the indicated file; 

inserting, by the proxy, metadata into the file handle; and 

sending, by the proxy, the file handle with the metadata inserted in the file 
handle to the client, a size of the file handle set to a sum of a length of the server file 
handle and a length of the proxy metadata, the metadata to be used in further requests 
to identify the client and the indicated file. 

66. (Previously Presented) A method, comprising: 

receiving, by a proxy, a file request for a file sent from a client; 

forwarding the file request from the proxy to a file server; 

returning a reply associated with the file request from the file server to the 
proxy, wherein the reply includes a file handle; 

inserting, by the proxy, metadata into the file handle; 

sending, by the proxy, the file handle with the metadata inserted in the file 
handle to the client; and 

using, by the client, the metadata inserted into the file handle in a subsequent 
file request to identify the client and the file. 

67. (Previously Presented) A computer apparatus, comprising: 

a proxy configured to receive a client file request for a file and forward the 
file request from the proxy to a file server; 

the server configured to return a reply associated with the file request, wherein 
the reply includes a file handle; 
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the proxy further configured to intercept the file handle sent from the server 
and insert metadata into the file handle to create a modified file handle; 

the proxy further configured to send the modified file handle with the 
metadata inserted in the file handle to the client; and 

the proxy further configured to receive the modified file handle from the client 
for a second file request for the file, wherein the proxy is further configured to use the 
modified file handle to eliminate a need for the proxy to generate one or more 
additional requests to the server that would be required to access the file if the 
modified file handle did not include the inserted metadata. 
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